REMARKS



In response to the Office Action mailed September 12, 2007, Applicants respectfully 
request reconsideration. Claims 7-31 were previously pending in this application. By this 
amendment, claims 7, 11, 19 and 24 have been amended. Claims 8-10 have been canceled 
without prejudice or disclaimer. As a result, claims 7 and 11-31 are pending for examination 
with claims 7, 19, and 24 being independent. No new matter has been added. 

Rejections Under 35 U.S.C. §103 

The Office Action rejected claims 7-31 under 35 U.S.C. 103(a) as allegedly being 
unpatentable over Terzis, U.S. Published Patent Application No. 2004/0243835 ("Terzis") in 
view of Lambert, U.S. Published Patent Application No. 2002/0099952 ("Lambert"). Applicants 
respectfully disagree. In addition, without acceding to the appropriateness of the rejection, 
Applicants have amended independent claims 7, 19 and 24 to more clearly distinguish over the 
cited references. 

Claim 7, as amended, recites: 

An object model embodied on a computer-readable medium for managing 
a service on a computer, the object model comprising: 

a policy object model for specifying, by a first user, if it has been 
determined that the first user is authorized to perform the specification by 
comparing a rank of the first user against a permitted rank, at least one first policy 
that the service supports in a packet-centric form, and, by a second user, at least 
one second policy by selecting a security level from a plurality of security levels, 
with each security level from the plurality of security levels being previously set 
for a specified application and a specified user; and 

a policy engine platform for interacting of the first user with the at least 
one first policy and of the second user with the at least one second policy, and to 
provide the at least one first policy and the at least one second policy to at least 
one component that performs the service, wherein the policy engine platform 
comprises a rule editor that is configured by the first user to perform at least one 
of deleting, adding and editing the at least one first policy by the first user, and a 
setting editor that is configured by the first user to select a security level from the 
plurality of security levels by the second user. 

(Emphasis added). 

Claim 7 now additionally recites "wherein the policy engine platform comprises a rule 
editor that is configured by the first user to perform at least one of deleting, adding and editing 
the at least one first policy by the first user, and a setting editor that is configured by the first user
to select a security level from the plurality of security levels by the second user." Support for 
this amendment can be found, for example, on pages 31-34 of the present specification. 

Terzis describes, in connection with FIG. 4, an exemplary user interface (UI) 400 for 
establishment of policy rules within the MACSS. (Terzis, page 10, ¶ 0134). Once the user logs
in, the MACSS 230 accesses a set of rules that can be distributed to subsystems operating at
several layers of the network for access control and security. (Terzis, page 4, ¶ 0056). FIG. 8 of
Terzis illustrates exemplary basic building blocks of a policy engine 800. The policy engine may
include a policy engine logic 810, a policy database 820, a protocol engine 830, Managed Object
Propagation Protocol (MOPP) endpoints 840 and a multi-node module 85. (Terzis, page 5, ¶
0067). Terzis does not teach or suggest that "the policy engine platform comprises a rule editor 
that is configured by the first user to perform at least one of deleting, adding and editing the at 
least one first policy by the first user, and a setting editor that is configured by the first user to 
select a security level from the plurality of security levels by the second user," as recited in claim 
7. 

Lambert is directed to controlling software execution by identifying and classifying 
software, and locating a rule and associated security level for executing executable software. 
(Lambert, Abstract). A policy can be per machine and per user, and can be automatically applied 
to network users via group policy technology. A policy generally comprises a general (default) 
rule and exceptions to the default rule set by an administrator. (Lambert, page 2, ¶ 0011). An
administrator identifies/classifies the software and sets the rules. (Lambert, page 6, ¶ 0052).
Nowhere does Lambert teach or suggest "a rule editor that is configured by the first user to 
perform at least one of deleting, adding and editing the at least one first policy by the first user, 
and a setting editor that is configured by the first user to select a security level from the plurality 
of security levels by the second user," as recited in claim 7. 

In view of the above, neither Terzis nor Lambert teaches or suggests "a rule editor that is 
configured by the first user to perform at least one of deleting, adding and editing the at least one 
first policy by the first user, and a setting editor that is configured by the first user to select a 
security level from the plurality of security levels by the second user," as recited in claim 7. 

In view of the foregoing, claim 7 patentably distinguishes over Terzis and Lambert, either 
alone or in combination. 

Claims 11-18 depend from claim 7 and are allowable for at least the same reasons.
Therefore withdrawal of the rejection of claims 7 and 11-18 is respectfully requested. 



Claim 19, as amended, recites: 

A method of managing a service on a computer, the method comprising: 

specifying, via a policy object model, by a first user, if it has been 
determined that the first user is authorized to perform the specification by 
comparing a rank of the first user against a permitted rank, at least one first policy 
that the service supports in a packet-centric form, and, by a second user, at least 
one second policy by selecting a security level from a plurality of security levels, 
with each security level from the plurality of security levels being previously set 
for a specified application and a specified user; 

interacting, via a policy engine platform, of the first user with the at least 
one first policy, and of the second user with the at least one second policy; and 

providing, via the policy engine platform, the at least one first policy and 
the at least one second policy to at least one component that performs the service, 
wherein the policy engine platform comprises a rule editor that is configured by 
the first user to perform at least one of deleting, adding and editing the at least 
one first policy by the first user, and a setting editor that is configured by the first 
user to select a security level from the plurality of security levels by the second 
user. 

(Emphasis added). 

Claim 19 now additionally recites "wherein the policy engine platform comprises a rule 
editor that is configured by the first user to perform at least one of deleting, adding and editing 
the at least one first policy by the first user, and a setting editor that is configured by the first user 
to select a security level from the plurality of security levels by the second user." Support for 
this amendment can be found, for example, on pages 31-34 of the present specification. 

As discussed above in connection with claim 7, neither Terzis nor Lambert teaches or 
suggests that "the policy engine platform comprises a rule editor that is configured by the first 
user to perform at least one of deleting, adding and editing the at least one first policy by the first 
user, and a setting editor that is configured by the first user to select a security level from the 
plurality of security levels by the second user," as recited in claim 19. 

In view of the foregoing, claim 19 patentably distinguishes over Terzis and Lambert, 
either alone or in combination. 

Claims 20-23 depend from claim 19 and are allowable for at least the same reasons. 

Therefore withdrawal of the rejection of claims 19-23 is respectfully requested. 

Claim 24, as amended, recites:

An object model embodied on a computer-readable medium for managing 
a firewall service on a computer, the object model comprising a policy object 
model used to specify, by a first user, if it has been determined that the first user 
is authorized to perform the specification by comparing a rank of the first user 
against a permitted rank, at least one first policy that the firewall service supports 
in a packet-centric form, and, by a second user, at least one second policy by 
selecting a security level from a plurality of security levels, with each security 
level from the plurality of security levels being previously set for a specified 
application and a specified user, the policy model comprising a policyrule object 
usable to generate a policy, the policyrule object comprising a condition property 
and an action property, wherein the policy generated by the policyrule object is 
configured to perform an action specified in the action property responsive to a 
condition specified in the condition property being met, wherein the object model 
comprises a policy engine platform comprising a rule editor that is configured by 
the first user to perform at least one of deleting, adding and editing the at least 
one first policy by the first user, and a setting editor that is configured by the first 
user to select a security level from the plurality of security levels by the second 
user. 

(Emphasis added). 

Claim 24 now additionally recites "wherein the object model comprises a policy engine 
platform comprising a rule editor that is configured by the first user to perform at least one of 
deleting, adding and editing the at least one first policy by the first user, and a setting editor that 
is configured by the first user to select a security level from the plurality of security levels by the 
second user." Support for this amendment can be found, for example, on pages 31-34 of the 
present specification. 

As discussed above in connection with claim 7, neither Terzis nor Lambert teaches or 
suggests that "the object model comprises a policy engine platform comprising a rule editor that 
is configured by the first user to perform at least one of deleting, adding and editing the at least 
one first policy by the first user, and a setting editor that is configured by the first user to select a 
security level from the plurality of security levels by the second user," as recited in claim 24. 

In view of the foregoing, claim 24 patentably distinguishes over Terzis and Lambert, 
either alone or in combination. 

Claims 25-31 depend from claim 24 and are allowable for at least the same reasons. 

Therefore withdrawal of the rejection of claims 24-31 is respectfully requested. 

CONCLUSION

A Notice of Allowance is respectfully requested. The Examiner is requested to call the 
undersigned at the telephone number listed below if this communication does not place the case 
in condition for allowance. 

If this response is not considered timely filed and if a request for an extension of time is 
otherwise absent, Applicants hereby request any necessary extension of time. If there is a fee 
occasioned by this response, including an extension fee, that is not covered by an enclosed 
check, please charge any deficiency to Deposit Account No. 23/2825. 

Dated: December 12, 2007

Respectfully submitted,



By: /James H. Morris/ 

James H. Morris, Reg. No. 34,681
Wolf, Greenfield & Sacks, P.C. 
600 Atlantic Avenue 
Boston, Massachusetts 02210-2206 
Telephone: (617) 646-8000 